CWE-228 – Improper Handling of Syntactically Invalid Structure

Read Time:26 Second

Description

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-703
CWE-707

 

Consequences

Integrity, Availability: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)

If an input is syntactically invalid, then processing the input could place the system in an unexpected state that could lead to a crash, consume available system resources or other unintended behaviors.

 

Potential Mitigations

CVE References